package com.hippoDocker.security.expression;

import com.hippoDocker.security.pojo.dto.LoginUserDTO;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

import java.util.List;

/**
 * @ClassName ExpressionRoot
 * @Description TODO 自定义权限校验
 * @Author tangxl
 * @Date 2022/8/1 10:14
 **/
@Component("expressionRoot")
public class ExpressionRoot {

    public boolean hasAuthority(String authority){
        //获取当前用户权限
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        LoginUserDTO loginUserDTO = (LoginUserDTO) authentication.getPrincipal();
        List<String> roles = loginUserDTO.getPermissions();
        //判断用户权限集合中是否存在authority
        return roles.contains(authority);
    }
}
